CVE-2015-5261

HIGH

SPICE <0.12.6 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

References (10)

Core 10
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1890.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/06/4
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201606-05
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1261889
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2766-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1889.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3371
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033753

Scores

CVSS v3 7.1
EPSS 0.0049
EPSS Percentile 38.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-119
Status published
Products (16)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
debian/debian_linux 7.0
debian/debian_linux 8.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_hpc_node 6.0
redhat/enterprise_linux_hpc_node 7.0
redhat/enterprise_linux_hpc_node_eus 7.1
redhat/enterprise_linux_server 6.0
... and 6 more
Published Jun 07, 2016
Tracked Since Feb 18, 2026